You know how every time you go to a new doctor, you have to sign this form (does anybody read it?) that talks about your rights to privacy for your medical records? Vendors of medical services have their own requirements to live up to, and Box has announced that it is complying with those regulations, in hopes that it will become more widely used as a file transfer medium in the healthcare industry.

In addition, the company now has ten new healthcare applications. Box is doing this by partnering with a number of other vendors. According to Jasmine Pennic at HIT Consultant Media, those applications are:

Clinical documentation: Drchrono, a cloud and web-based EHR application accessible from iPads and iPhones; and Umbie DentalCare, a web-based dental practice management system available on the desktop and tablet.

Care coordination: TigerText, an encrypted SaaS platform for secure text messaging in a clinical setting; Doximity, an online professional network designed for U.S. physicians; Medigram, a secure group messaging app for the hospital environment; and PostureScreen Mobile, posture analysis screening and evaluation software for mobile devices.

Interoperability: MedViewer, a DICOM viewer for viewing, communicating and sharing medical images on iPhone and iPad; iPaxera PACS Viewer, a PACS viewing app designed for iPad, iPhone and iPod; and Medi-Copy, which provides Release of Information (ROI) request services and creates electronic copies of patient medical records.

Access to care: HealthTap, which provides users with personalized health information and free online and mobile answers from physicians.

Box is also supporting the requirements of the Health Information Technology for Economic and Clinical Health (HITECH) Act, and is investing in drchrono.

Compliance requirements include the following, writes Patrick Ouellette in Health IT Security:

Data encryption occurs in transit and at rest

Restricted physical access to production servers

Strict logical system access controls

Data file access granted by customers

Audit trail of account activities on both user and content

Formally defined and tested breach notification policy

Training of employees on security policies and controls

Employee access to customer data files is highly restricted

Redundant data center facilities to mitigate disaster situations

Support for HIPAA and HITECH could also help the cloud storage company improve its reputation for security and privacy overall; various incidents have sometimes led to such services, rightly or wrongly, being seen as insecure. In particular, noted GigaOm, it may make Box more attractive to enterprise users, as well as for a planned initial public offering.

Moreover, HIPAA support could also make it easier for healthcare providers to implement BYOD, writes Ouellette. “Clinicians would now be able to set up secure cloud folders for a patient’s medical records or collaborate on a patient’s diagnosis with the Box mobile application in a compliant manner,” he writes.

HIPAA requirements can be pretty arduous; for example, WhiteCloud Analytics, a Boise-based healthcare analytics software company, had to have a separate set of doors, through which one can enter only by being buzzed in, due to HIPAA requirements.

Chances are, this isn’t the first such announcement. Now that Box has come up with the idea, one can expect that other cloud storage vendors — like Dropbox, Microsoft’s SkyDrive, Google’s Drive, and so on — will soon follow suit. Microsoft’s Office 365 already supports HIPAA, and in fact the company has also announced improvements in its HIPAA support.


It's good to see IT and security product vendors get on board with some real solutions to help take the pain out of government regulations. The bad part of this is that many in healthcare - especially management - assume they can deflect their own compliance responsibilities because they use a product or server that's "HIPAA compliant". As much as they'd love it, compliance doesn't come in a box. Thanks for the info Sharon.
